Xcacls Problems : resetting home directories for individual users

I have previously asked a question similar to this when i was figuring out the actual syntax to use for the command.  Now i have done that and have seen the command working i have a further query;

The below command seems to work in the login script as a .CMD file when i am logged in as myslef (a domain admin) but when the script runs when a normal user logs in it returns with 'ERRROR The filename, directory name or volume label syntax is incorrect'

\\[servername]\xcacls.exe "\\[servername]\home\%username%" /T /E /C /G %username%:f /y
pause (just to see it step through)

Just wondering if any expert has any pearls of wisdom on this, before i resort to resetting all home directory access manually and individually.

ANy help would be much appreciated

Thanks
leon

leontAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
oBdAConnect With a Mentor Commented:
Since the user name and the folder name are identical, it's not too difficult to change those permissions at once.
Open a command prompt and enter a test command first (replacing the servername, obviously):
for /d %a in ("\\[servername]\home\*.*") do @ECHO @xcacls "%a" /T /E /C /G %Userdomain%\%~nxa:f /y
If this generates the correct output, remove the @echo above:
for /d %a in ("\\[servername]\home\*.*") do @xcacls "%a" /T /E /C /G %Userdomain%\%~nxa:f /y

If you prefer to put this into a batch script, replace the "%a" by "%%a" (the ECHO for the test mode is still there):

@echo off
for /d %%a in ("\\[servername]\home\*.*") do ECHO xcacls "%%a" /T /E /C /G %Userdomain%\%%~nxa:f /y
0
 
Richard QuadlingSenior Software DeveloperCommented:
Hi leont,


I think you can only grant rights if the USER running the script has the ability to play with rights.

You cannot (for example) give yourself superduper rights if you are guest.

When you are logging in, the "user" running the script is NOT the same user logging in. This is why you would use the login script to set the rights.

Regards,

Richard Quadling.
0
 
Azhrei1Commented:
can you access the username share on that server while logged in as the user?

http://technet2.microsoft.com/WindowsServer/en/Library/8ec308b8-9229-44bb-acad-707ec1b7f0a91033.mspx?mfr=true
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
leontAuthor Commented:
Thanks for the quick response, in response to Azhrei1's query, they cannot access thier own directories this is why i was looking to do it via login script (xcacls) otherwise i will have to go through every users home profile directory to reset the access right so only they have full control access to their own directories.  Rquadling, i had a feeling it would be something like that, looks like theres no quick way to do this then?

Leon
0
 
Azhrei1Commented:
I will have to agree with Richard, Leon :(
0
 
Richard QuadlingSenior Software DeveloperCommented:
OOI. Why not jus leave it in the Login script?

If they don't login, they can't access their files!

If they do, the login script sets the rights and they can access their files.

I don't see any problem.
0
 
leontAuthor Commented:
Hi RQuadling, Thats the root problem, all the home drives where migrated from one server to another and they lost their individual full control access rights and thats what i'm trying to restore when they logon so only the user logging in can access thier own home drive and no one elses, that script works if its a domain admin user logging in but doesn't when the normal user logs in

leon
0
 
Richard QuadlingSenior Software DeveloperCommented:
Aha!

Hmm.

I was just about to suggest oBdA's answer. As the usernames are the directory names, then a one shot of for /D will do the trick.
0
 
leontAuthor Commented:
i will have a look at that.

Thanks
0
 
leontAuthor Commented:
Hi everyone sorry for the delay in responding to close this question, wondering if someone could advise, as while i agree some of the suggestions may work in certain circumstances, i have eventually reverted to way i was originally going to do it so don't know who to assign the points to.  I was going to split the points between RQuading and oBdA, if anyone has any problems with this please let me know.

Thanks
Leon
0
 
Richard QuadlingSenior Software DeveloperCommented:
What way did you use?
0
 
Richard QuadlingSenior Software DeveloperCommented:
I have to say that oBdA's answer is right on the button for a one off fix.
0
 
leontAuthor Commented:
Thanks RQuading, i'll give oBdA the points then if thats ok.  In answer to your first question i took the cowards wayout of this one and reset all the home drive directories to a path that didn't exist i.e.

\\[servername]\homes\%username% (where homes doesn't exist) then went into each individual AD settings and changed it to;
\\[servername]\home\%username% and when the re-mapping is applied it resets the access for the user.

Long winded I know, good job i've only got around 400 users!!

thanks everyone.  I will look into the oBdA gave for future use but not that use to scripting, so i'll look through and figure out what that script actually does for myself.

again many thanks.

Leon
0
 
oBdACommented:
Have a look here, nice resources for batch scripting: http://www.robvanderwoude.com/
0
 
leontAuthor Commented:
Many thanks oBdA

Leon
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.